The XOOPS Module WiwiMod v0.4 has a remote file inclusion vulnerability in the spaw_root parameter. This vulnerability allows an attacker to include arbitrary remote files, potentially leading to remote code execution.
Exploit will land you NT AUTHORITY\SYSTEM. You do not need to be authenticated, password below is garbage. Swop out IP, shellcode and remember to adjust '\x41' for bytes. Tested on Windows 7 x86 Enterprise SP1. Vendor has been notified on multiple occasions. Exploit for version 9.0.34: www.exploit-db.com/exploits/40452/
This exploit allows an attacker to gain NT AUTHORITY\SYSTEM privileges without authentication. The exploit has been tested on Windows 7 x86 Enterprise SP1. The payload size is 308 bytes.
The vulnerability exists in the urunbak.asp script of W1L3D4 WEBmarket v0.1. By manipulating the 'id' parameter in the URL, an attacker can perform SQL injection and retrieve sensitive information from the database. An example exploit URL is provided in the note section.
Core FTP client is vulnerable to remote buffer overflow denial of service when connecting to a malicious server using SSH/SFTP protocol.
This exploit allows an attacker to derandomize the latest Windows 10 Kernel by getting the PML4-Self-Ref entry.
This is a free CMS system. The absolute path is disclosed in a MySQL error when categoria.php's parameter cid is queried with a non-defined variable. Article names are not properly sanitized, allowing a user to insert malicious JavaScript. Articles can have a small image that is uploaded without proper validation, allowing for arbitrary file upload.
This bug can cause a DoS by handling a kernel paging request incorrectly. The exploit triggers a kernel crash with the RIP address being new_page_node+0x31/0x48. The bug was discovered by Ramon de Carvalho Valle in September 2009 through fuzzing. A proof-of-concept DoS was sent on September 24th. The bug was reported to Novell's internal bugzilla and later falsely credited to Marcus Meissner of SuSE security. The exploit was created in 2010 and it is mentioned that the next exploit will target a bug class that has not been exploited on Linux before.
This exploit allows for SQL Injection and Remote Code Execution in Jasmine CMS version 1.0. It can be used to retrieve the admin user and hash, as well as execute arbitrary commands on the target system.
Several D-Link routers contain a pre-authentication stack buffer overflow vulnerability, which is exposed on the LAN interface on port 80. This vulnerability affects the HNAP SOAP protocol, which accepts arbitrarily long strings into certain XML parameters and then copies them into the stack. This exploit has been tested on the real devices DIR-818LW and 868L (rev. B), and it was tested using emulation on the DIR-822, 823, 880, 885, 890 and 895. Others might be affected, and this vulnerability is present in both MIPS and ARM devices. The MIPS devices are powered by Lexra RLX processors, which are crippled MIPS cores lacking a few load and store instructions. Because of this the payloads have to be sent unencoded, which can cause them to fail, although the bind shell seems to work well. For the ARM devices, the inline reverse tcp seems to work best. Check the reference links to see the vulnerable firmware versions.